{"id":54937,"date":"2023-12-19T09:26:08","date_gmt":"2023-12-19T09:26:08","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/"},"modified":"2023-12-19T09:26:08","modified_gmt":"2023-12-19T09:26:08","slug":"qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/","title":{"rendered":"Qakbot&#8217;s backbot: FBI-led takedown keeps crims at bay for just 3 months"},"content":{"rendered":"<p>Multiple sources are confirming the resurgence of Qakbot malware mere months after the FBI and other law enforcement agencies shuttered the Windows botnet.<\/p>\n<p>Microsoft Threat Intelligence reckons a new Qakbot phishing campaign is active as of December 11 but attack attempts are currently low in volume.<\/p>\n<p>The gang targets the hospitality sector, initially using phishing emails containing malicious PDF attachments that they&#8217;ve doctored to look like they come from the US Internal Revenue Service (IRS).<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>When opened, the PDF presents the target with an error screen indicating a preview of the document isn&#8217;t available, alongside a button to download the document from &#8220;AdobeCloud.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Germ\u00e1n Fern\u00e1ndez, security researcher at CronUp, <a href=\"https:\/\/twitter.com\/1ZRR4H\/status\/1735944522075386332\" rel=\"nofollow\">said<\/a> the same PDF template was used by Pikabot operators just days earlier \u2013 Windows malware that shares many similarities with Qakbot. Both are being associated with attacks from the group Proofpoint tracks as TA577.<\/p>\n<p>Clicking the button in the PDF led to the download and installation of Qakbot, which Microsoft said may have been an updated payload. The previously unseen version, 0x500, was generated on December 11, according to its analysis.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>The team at Zscaler ThreatLabz <a href=\"https:\/\/twitter.com\/Threatlabz\/status\/1735863156738871470\" rel=\"nofollow\">confirmed<\/a> that the payload was updated, and the new version has a 64-bit architecture, uses AES for network encryption, and sends POST requests to path \/teorema505.<\/p>\n<p>Two researchers at Proofpoint, Tommy Madjar and Pim Trouerbach, also <a href=\"https:\/\/twitter.com\/ffforward\/status\/1736075488140079489\" rel=\"nofollow\">confirmed<\/a> they had spotted updated Qakbot activity, but the new features only amount to &#8220;<a href=\"https:\/\/twitter.com\/Myrtus0x0\/status\/1735931232436003108\" rel=\"nofollow\">minor tweaks<\/a>.&#8221;&nbsp;<\/p>\n<p>They added that the new Qakbot activity goes back to November 28, roughly two weeks further than December 11 \u2013 the date Microsoft first spotted it.<\/p>\n<h3 class=\"crosshead\">Qakbot&#8217;s takedown<\/h3>\n<p>August saw the conclusion of Operation Duck Hunt with what authorities said at the time was a takedown of Qakbot, seizing its infrastructure and 20 of its operators&#8217; crypto wallets.<\/p>\n<p>The FBI, which oversaw Op Duck Hunt, <a href=\"https:\/\/www.theregister.com\/2023\/08\/29\/duck_hunt_qakbot\/\">said<\/a> it was &#8220;the most significant technological and financial operation ever led by the Department of Justice against a botnet.&#8221;&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>The operation was also supported by authorities in the UK, France, Germany, the Netherlands, and Latvia, but didn&#8217;t result in any arrests.<\/p>\n<p>Dan Schiappa, chief product officer at security shop Arctic Wolf, said while praise should certainly go to the authorities that worked to bring down the original botnet, Qakbot&#8217;s resurgence illustrates the difficulty in tackling cybercrime, especially without making arrests.<\/p>\n<p>&#8220;The fact this botnet appears to have come back to life, as have others in the past, shows the challenge that we all have dealing with organized crime gangs who often run these sorts of campaigns. At times it can feel like we are playing a game of Whac a Mole\u2026 as soon as it&#8217;s shut down it springs back somewhere else.<\/p>\n<p>&#8220;What we need to recognize is that malware networks like Qakbot are businesses for the bad guys who operate a fluid and flexible business model. It means they can spin up new opportunities quickly to continue their lucrative activities, and bring online new resources to keep their businesses running. These organizations anticipate infrastructure being brought down and they are prepared to resurface like a Phoenix.<\/p>\n<p>&#8220;They also know that too many enterprises still fail to patch software or upgrade their security posture in the light of new threats. We encourage organizations to remain vigilant, implement robust cybersecurity measures, and educate their employees about the risks associated with phishing emails and other cyber threats.&#8221;<\/p>\n<p>Qakbot&#8217;s revival may not come as a surprise to some, since Emotet was also <a href=\"https:\/\/www.theregister.com\/2021\/04\/26\/emotet_sunday_25_april_killswitch_date\/\">taken down<\/a> by an internationally co-ordinated law enforcement operation in 2021 but resurfaced again <a href=\"https:\/\/www.theregister.com\/2021\/11\/16\/emotet_botnet_rappears\/\">later that year<\/a>.<\/p>\n<p>At its height, Emotet controlled more than 1 million machines and was widely understood to be the most developed botnet in the world.<\/p>\n<p>Emotet&#8217;s return was met with concern from the infosec industry at the time, and in less than a year after its takedown it was once again ranked the <a href=\"https:\/\/www.theregister.com\/2022\/04\/21\/emotet-resurgence-email\/\">number-one malware<\/a> in operation.<\/p>\n<p>However, since 2022, Emotet has tailed off, flittering between periods of activity and silence, and has laid dormant for months following a brief surge in March.<\/p>\n<p>Jakub Kalo\u010d, malware researcher at ESET, <a href=\"https:\/\/www.welivesecurity.com\/2023\/07\/06\/whats-up-with-emotet\/\" rel=\"nofollow\">said<\/a> in a July blog that Emotet&#8217;s extended period of downtime is likely due to it &#8220;failing to find an effective, new attack vector.&#8221;<\/p>\n<p>Speaking to <em>The Register<\/em>, Selena Larson, senior threat intelligence analyst at Proofpoint, said there is still evidence to show that Operation Duck Hunt&#8217;s disruption has had an impact on Qakbot&#8217;s operations, but it may mirror Emotet&#8217;s downfall and take time for it to fully die off.<\/p>\n<p>&#8220;At this time Proofpoint is unable to assess with high confidence whether the Qbot activity will continue to limp along and have limited impact across the landscape or return to its previous activity levels,&#8221; said Larson.&nbsp;<\/p>\n<p>&#8220;However, researchers can compare the activity to Emotet&#8217;s return to the threat landscape after law enforcement disruption in 2021: Emotet returned with high-volume campaigns in late 2021 through 2022, but the botnet did not regain its earlier prominence and has not been observed in campaign data since March 2023.&#8221;<\/p>\n<p>Larson added: &#8220;It&#8217;s also worth noting the Qbot law enforcement disruption removed hundreds of thousands of infections, which would significantly hamstring any recurring operations and require some rebuilding on the effort of the threat actors.&#8221; \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2023\/12\/19\/qakbot_returns\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Experts say malware strain make take years to die off completely Multiple sources are confirming the resurgence of Qakbot malware mere months after the FBI and other law enforcement agencies shuttered the Windows botnet.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-54937","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Qakbot&#039;s backbot: FBI-led takedown keeps crims at bay for just 3 months 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Qakbot&#039;s backbot: FBI-led takedown keeps crims at bay for just 3 months 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-19T09:26:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Qakbot&#8217;s backbot: FBI-led takedown keeps crims at bay for just 3 months\",\"datePublished\":\"2023-12-19T09:26:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\\\/\"},\"wordCount\":887,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\\\/\",\"name\":\"Qakbot's backbot: FBI-led takedown keeps crims at bay for just 3 months 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2023-12-19T09:26:08+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Qakbot&#8217;s backbot: FBI-led takedown keeps crims at bay for just 3 months\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Qakbot's backbot: FBI-led takedown keeps crims at bay for just 3 months 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/","og_locale":"en_US","og_type":"article","og_title":"Qakbot's backbot: FBI-led takedown keeps crims at bay for just 3 months 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-12-19T09:26:08+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Qakbot&#8217;s backbot: FBI-led takedown keeps crims at bay for just 3 months","datePublished":"2023-12-19T09:26:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/"},"wordCount":887,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/","url":"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/","name":"Qakbot's backbot: FBI-led takedown keeps crims at bay for just 3 months 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2023-12-19T09:26:08+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYu5VV@Xw@ZzmJHomMcE2QAAApA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/qakbots-backbot-fbi-led-takedown-keeps-crims-at-bay-for-just-3-months\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Qakbot&#8217;s backbot: FBI-led takedown keeps crims at bay for just 3 months"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54937","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54937"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54937\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54937"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54937"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54937"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}